A tool that makes use of Frida API hooking and code tracing functionalities to try to detect and in most cases bypass many of the evasive techniques, such as Anti-VM or Anti-Debugging techniques, commonly used by Windows malware or software protectors. This tool was developed as part of my Master's Thesis project with the aim of studying the usage of evasive techniques among commercial packers/protectors.
Run the following command from the installation directory:
pip install -r requirements.txtRun python3 captainhook.py -h for help.
To extend the tool, simply create a new file or edit any file under the __handlers__ directory and add your hooks there (or change the existing ones if you prefer). You should also install Frida Node.js bindings to benefit from syntax highlighting on editors like VS Code.